New Delhi, March 18: Aadhaar has emerged as the world’s largest biometric identity system, with around 134 crore active users and over 17,000 crore authentication transactions completed so far, the Parliament was told on Wednesday.
Union Minister of State for Electronics and Information Technology, Jitin Prasada, told the Lok Sabha in a written reply to a question, that the Aadhaar ecosystem, maintained by the Unique Identification Authority of India (UIDAI), plays a key role in enabling identity verification for service delivery.
The UIDAI provides Aadhaar authentication services to authorized entities, allowing verification of an individual's identity using a one-time password (OTP), biometric data such as fingerprints, iris, or facial features, or demographic details, he said.
He added that Aadhaar-based facial authentication, used by authorized entities, is powered by artificial intelligence and machine learning technologies to enable accurate verification.
According to the minister, entities seeking to use Aadhaar authentication services must be registered as Authentication User Agencies (AUA) or KYC User Agencies (KUA) in accordance with the Aadhaar Act.
On data access and retention, Prasada said that AUAs and KUAs maintain authentication logs for two years, which can be accessed by Aadhaar holders or used for grievance redressal. These logs are subsequently archived for five years before being deleted.
He also said that the Aadhaar ecosystem has been designed with strong privacy safeguards, with demographic data encrypted both at rest and in transit, along with legal restrictions on its collection, storage, and usage.
The minister also highlighted that the UIDAI follows a three-tier audit framework, including self-compliance audits, annual information security audits, and governance, risk, compliance, and privacy (GRCP) audits to ensure system integrity.
Furthermore, detailed standard operating procedures mandate informed consent of users, restricted use of authentication for specific purposes, secure data storage, use of certified devices, and prohibition on the retention of biometric data by entities.
The government said that Aadhaar data is stored and processed within India, with safeguards in place to prevent any breach of these provisions.